#!/usr/bin/env bash
# This script checks if there is plain (not redacted) log in TiKV.
set -euo pipefail

function error_msg() {
    echo "To print user data into info logs or error messages, use log_wrappers::Value() instead of hex::encode_upper. The former will respect \`security.redact-info-log\` config and filter out user data from info log if needed. Otherwise, use \`log_wrappers::hex_encode_upper\` to get around the lint error. See https://github.com/tikv/tikv/pull/9250 for more information." >&2
}

if [[ "$(uname)" == "Darwin" ]] ; then
    if grep -r -n --color=always --include '*.rs' --exclude hex.rs --exclude-dir tikv-ctl --exclude-dir target 'encode_upper' . | grep -v log_wrappers ; then
        error_msg
        exit 1
    fi
else
    if grep -r -n -P '(?<!hex_)encode_upper' -C 1 --color=always --include \*.rs --exclude hex.rs --exclude-dir tikv-ctl --exclude-dir target . ; then
        error_msg
        exit 1
    fi
fi

echo "Security check passed."
